---
licence_title: Creative Commons Attribution 4.0 International (CC-BY 4.0)
licence_link: https://creativecommons.org/licenses/by/4.0/
licence_restrictions: https://cert.europa.eu/legal-notice
licence_author: The Cybersecurity Service for the Union institutions, bodies, offices and agencies
title: 'Critical Vulnerabilities in GitLab'
number: '2025-011'
version: '1.0'
original_date: '2025-03-13'
date: '2025-03-14'
---

_History:_

* _14/03/2025 --- v1.0 -- Initial publication_

# Summary

On March 13, 2025, GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE) addressing nine vulnerabilities, including two critical-severity flaws in the `ruby-saml` library used for SAML Single Sign-On (SSO) authentication [1]. It is recommended to update affected assets as soon as possible.

# Technical Details

The critical vulnerabilities **CVE-2025-25291** and **CVE-2025-25292** affect the `ruby-saml` library. If exploited, they could allow an attacker who holds a valid signed SAML document to impersonate another user within the same SAML identity provider (IdP) environment, resulting in unauthorised access to that user's account.

The vulnerability **CVE-2025-27407** is a high-severity remote code execution issue in the Ruby `graphql` library. If exploited, it allows an authenticated attacker to abuse the Direct Transfer feature (disabled by default) to execute code remotely.

# Affected Products

These vulnerabilities affect GitLab Community Edition (CE) and Enterprise Edition (EE) versions prior to 17.7.7, 17.8.5, and 17.9.2.

# Recommendations

CERT-EU recommends upgrading affected servers as soon as possible, prioritising Internet-facing assets.

## Workarounds

If immediate remediation is not possible, consider the following temporary mitigations:

- Ensure all users have two-factor authentication (2FA) enabled.
- Disable the `SAML two-factor bypass` option.
- Request admin approval for auto-created users by setting the following (for Linux package installations, in `/etc/gitlab/gitlab.rb`, followed by a reconfigure):

  ```ruby
  gitlab_rails['omniauth_block_auto_created_users'] = true
  ```

# References

[1]
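As an added check that is not part of the CERT-EU advisory or of GitLab's own tooling, the following Ruby snippet encodes the affected-version rule from the Affected Products section so that an inventory of instance versions can be triaged offline. The fixed versions (17.7.7, 17.8.5, 17.9.2) come from the advisory; treating every release older than the 17.7 series as affected follows from "versions prior to" those releases, while treating 17.10 and later as already carrying the fix is an assumption. The `/api/v4/version` endpoint is GitLab's real REST endpoint, but the JSON body used here is constructed, so nothing is fetched over the network.

```ruby
require "json"

# Added example (not from the CERT-EU advisory or from GitLab): decide whether a
# GitLab CE/EE version still needs the 13 March 2025 security release.

# Earliest patched release in each affected series (from the advisory).
FIXED_VERSIONS = {
  "17.7" => Gem::Version.new("17.7.7"),
  "17.8" => Gem::Version.new("17.8.5"),
  "17.9" => Gem::Version.new("17.9.2"),
}.freeze

# Oldest series that received a fix; anything older has no patched release
# in its own series and must be upgraded across series.
OLDEST_FIXED_SERIES = Gem::Version.new("17.7")

# Normalise a GitLab version string such as "17.8.4-ee" or "17.9.1" to a
# Gem::Version. The edition suffix (-ce/-ee) is not part of the number and
# would otherwise make Gem::Version treat the value as a prerelease.
def parse_gitlab_version(raw)
  numeric = raw.to_s.strip.sub(/-(ce|ee)\z/i, "")
  unless numeric.match?(/\A\d+\.\d+\.\d+\z/)
    raise ArgumentError, "not a GitLab version: #{raw.inspect}"
  end
  Gem::Version.new(numeric)
end

# True when the version is affected by the advisory: older than the fixed
# release of its own series, or older than every series that has a fix.
def affected?(raw)
  version = parse_gitlab_version(raw)
  return true if version < OLDEST_FIXED_SERIES # e.g. 17.6.x: no in-series fix

  series = version.segments[0, 2].join(".")
  fixed = FIXED_VERSIONS[series]
  return false if fixed.nil? # 17.10 and later: assumed to include the fix

  version < fixed
end

# Convenience for the JSON body returned by GET /api/v4/version
# (the request itself needs a PRIVATE-TOKEN header and is not made here).
def affected_from_api_json(body)
  affected?(JSON.parse(body).fetch("version"))
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample body, as an unpatched 17.8.x host would answer.
  sample = '{"version":"17.8.4-ee","revision":"0123abcd"}'
  puts "sample host affected? #{affected_from_api_json(sample)}"
  %w[17.6.2 17.7.6 17.7.7 17.9.1 17.9.2 17.10.0].each do |v|
    puts "#{v}: #{affected?(v) ? 'upgrade required' : 'patched'}"
  end
end
```

The series lookup is what makes the check correct: a naive `version < 17.9.2` comparison would wrongly flag a patched 17.7.7 or 17.8.5 host, and a naive `version >= 17.7.7` would wrongly clear an unpatched 17.8.4 or 17.9.1 host.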